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Top Stories 

• A British Airways flight caught fire on the runway of McCarran International Airport in 
Las Vegas September 8, leaving 13 people injured. - CNN (See item 4 ) 

• Residents in Red Springs, North Carolina, were issued a 72-hour boil advisory notice 
beginning September 8 after 2.5 million gallons of stored water was lost due to a broken 
water line. - WBTW 13 Florence (See item 8) 

• California State University officials reported September 8 that the personal information of 
nearly 80,000 students enrolled in an online sexual violence prevention course was exposed 
by hackers through a third-party vendor. - Los Angeles Times (See item 13 ) 

• A security researcher discovered seven zero-day stack-based buffer overflow 
vulnerabilities affecting Advantech’s WebAccess software used in human-machine 
interfaces (HMI) and supervisory control and data acquisition (SCAD A) systems which an 
attacker could exploit for remote code execution. - Securityweek (See item 18 ) 
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Energy Sector 



See items 16_and 18 

Chemical Industry Sector 

See items 16 and 18 

Nuclear Reactors, Materials, and Waste Sector 

See items 16 and 18 

Critical Manufacturing Sector 

See items 16 and 18 

Defense Industrial Base Sector 

Nothing to report 

Financial Services Sector 

1. September 8, U.S. Securities and Exchange Commission - (International) SEC charges 
video management company executives with accounting fraud. The U.S. Securities 
and Exchange Commission charged two former executives at KIT Digital September 8 
with accounting fraud in connection to schemes in which the executives allegedly 
manipulated the company’s books and misled investors, including an off-the-books 
slush fund used to generate payments back to the company while creating a false 
appearance that the company was being paid for its products, among other deceptions. 
Source: http://www.sec.gov/news/pressrelease/2015-183.html 

2. September 8, U.S. Securities and Exchange Commission - (National) SEC charges 
three RMBS traders with defrauding investors. The U.S. Securities and Exchange 
Commission charged three former Nomura Securities International residential 
mortgage-backed securities (RMBS) traders September 8 with fraud, alleging that the 
suspects misrepresented RMBS bids, offers, prices, and spreads, generating at least $7 
million in fraudulent revenue. The suspects also allegedly invented phantom third-party 
sellers and fictional offers for bonds that the company already owned. 

Source: http://www.sec.gov/litigation/litreleases/2015/lr23336.htm 

Transportation Systems Sector 

3. September 9, South Florida Sun-Sentinel - (Florida) FHP identifies four killed in 
crash along US 27. All northbound lanes of U.S. 27 near Broward County were closed 
for several hours September 8-9 while police investigated a fatal head-on collision 
that killed 4 people and injured 1 other. 

Source: http://www.sun-sentinel.com/news/sfl-highwav-patrol-four-killed-in-accident- 
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along-u-s-27-20150908-story.html 



4. September 9, CNN - (Nevada) British Airways plane catches fire at Las Vegas 
airport; 13 injured. A British Airways flight headed to London’s Gatwick Airport 
caught fire on the runway of McCarran International Airport in Las Vegas September 
8, leaving 13 people injured when all 172 passengers and crew members evacuated the 
plane. The Federal Aviation Administration reported that the aircraft’s left engine 
caught fire before takeoff. 

Source: http://www.cnn.com/2015/09/08/us/las-vegas-british-airways-fire/ 

5. September 8, Las Vegas Sun - (Utah) Allegiant flight headed to Las Vegas makes 
emergency landing in Utah. An Allegiant Air flight headed to Las Vegas from 
Bismarck, North Dakota, made an emergency landing in St. George, Utah, September 7 
after experiencing a potential maintenance issue during the flight. No injuries were 
reported and passengers were rebooked onto a different flight. 

Source: http://lasvegassun.com/news/2015/sep/Q8/allegiant-flight-headed-las-vegas- 
makes-emergency-/ 

Food and Agriculture Sector 

6. September 8, U.S. Food and Drug Administration - (Oklahoma) Okarche Bakery, 
issues allergy alert on undeclared milk, soy, wheat and Yellow #5 in frozen cookie 
dough. The U.S. Food and Drug Administration reported September 8 that Okarche 
Bakery of Okarche, Oklahoma, issued a recall for all of its Okarche’s Old Fashioned 
Gourmet Cookie Dough due to undeclared milk, soy, wheat, and Yellow #5 after a 
label review revealed the allergens. The product was distributed in Oklahoma City and 
surrounding areas through fundraisers. 

Source: http://www.fda.gov/Safety/Recalls/ucm46161 1 .htm 

7. September 8, U.S. Department of Agriculture - (New York) Schrader Farms Meat 
Market recalls beef product due to possible non-0157 E. coli contamination. 
Romulus, New York based-Schrader Farms Meat Market issued a recall September 8 
for approximately 20 pounds of its ground beef products due to potential contamination 
with non-0157 Shiga toxin-producing E. coli after routine establishment testing 
revealed the product was prematurely sold. The products were sold at the Schrader 
Farms retail store in Seneca County. 

Source: http://www.fsis.usda.gov/wps/portal/fsis/topics/recalls-and-public-health- 
alerts/recall-case-archi ve/archive/20 1 5/recall- 121-2015 -release 



Water and Wastewater Systems Sector 

8. September 8, WBTW 13 Florence - (North Carolina) Car crash leads to boil water 
advisory in Red Springs. Residents in Red Springs, North Carolina, were issued a 72- 
hour boil advisory notice beginning September 8 after a vehicle hit a fire hydrant and 
ruptured a water line September 4. The break caused a 2.5 million gallon water 
shortage and officials estimated that water service would be restored after several 
hours. 
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Source: http://wbtw.com/2015/09/08/car-crash-leads-to-dry-water-taps-in-red-springs/ 



For additional stories, see items 16 and 18 

Healthcare and Public Health Sector 

9. September 8, KELO 11 Sioux Falls - (South Dakota) Semi crashes into senior center. 
The Good Samaritan Society’s Luther Manor senior home in Sioux Falls suffered over 
$200,000 in damage after an unoccupied semi-truck crashed into 6 unoccupied cars in 
the parking lot, pushing them into the building September 8. 

Source: http://www.keloland.com/newsdetail.cfrn/semi-crashes-into-senior- 
center/?id= 184743 

Government Facilities Sector 

10. September 9, NBC News; Associated Press - (Washington) First day of school 
canceled as Seattle teachers vote to strike. The Seattle Education Association 
announced September 8 that all classes were cancelled for district schools September 9, 
affecting 53,000 public school students, after city teachers voted to strike over salary 
differences, staff evaluations, and workload relief. 

Source: http://www.nbcnews.com/news/us-news/first-day-school-cancelled-seattle- 
teachers-vote-strike-n423991 

11. September 8, Asbury Park Press - (New Jersey) Snow day in summer? Keyport 
schools closed. Keyport Public Schools in New Jersey cancelled classes for September 
8 following a malfunctioning electrical component at Central School. Classes were 
expected to resume September 9. 

Source: http://www.app.com/storv/news/local/monrnouth-countv- 
bavshore/kevport/2015/09/08/kevport-schools-closed-power-outage/7 1892294/ 

12. September 8, Washington Examiner - (Washington, D.C.) Pentagon food court 
computers hacked, exposing employees’ bank information. A U S. Department of 
Defense spokesperson announced September 8 that an unknown number of employees 
may have had their financial information compromised after hackers infiltrated the 
Pentagon food court’s computer system in Washington, D.C. Officials are investigating 
the breach. 

Source: http://www.washingtonexaminer.com/pentagon-food-court-computers-hacked- 
exposing-employees-bank-information/article/257 1 606 

13. September 8, Los Angeles Times - (California) Cal State data breach hits nearly 
80,000 students. California State University officials reported September 8 that the 
personal information, including login information, gender, race, sexual identity, and 
campus-issued email addresses of nearly 80,000 students enrolled in an online sexual 
violence prevention course through the third-party vendor, We End Violence, was 
exposed by a vulnerability in the underlying code. Authorities are investigating the 
breach which involved eight university campuses. 

Source: http://www.latimes.com/local/lanow/la-me-ln-cal-state-data-breach-201509Q8- 
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story.html 



For another story, see item 22 

Emergency Services Sector 

Nothing to report 

Information Technology Sector 

14. September 9, Securityweek - (International) Microsoft patches Windows 
vulnerability exploited in the wild. Microsoft released security bulletins patching over 
50 vulnerabilities, including a Win32k memory corruption flaw allowing privilege 
escalation that has been exploited in the wild, a kernel address space layout 
randomization (ASLR) bypass, a Windows Media Center remote code execution (RCE) 
vulnerability, a .NET Framework integer overflow, and a memory corruption flaw in 
the Edge and Internet Explorer Web browsers, among others. 

Source: http://www.securitvweek.com/microsoft-patches-windows-vulnerability- 
exploited-wild 

15. September 9, Securityweek - (International) Adobe patches critical vulnerabilities in 
Shockwave Player. Adobe released an update addressing two critical memory 
corruption vulnerabilities in its Shockwave Player for Microsoft Windows versions 
12.1.9.160 and earlier that could allow an attacker to take control of an affected system 
and execute malicious code. 

Source: http://www.securitvweek.com/adobe-patches-critical-vuhierabilities- 
shockwave-player 

16. September 9, Securityweek - (International) ICS flaw disclosures at high levels since 
Stuxnet attack: Report. Findings from a report published by Recorded Future 
revealed a dramatic increase in disclosed industrial control system (ICS) vulnerabilities 
since a 201 1 Stuxnet attack targeting Iran’s nuclear facilities, including almost 50 new 
vulnerabilities discovered in 2015 through mid-July. 

Source: http://www.securityweek.com/ics-flaw-disclosures-high-levels-stuxnet-attack- 
report 

17. September 8, Securityweek - (International) NETGEAR patches vulnerability in 
Wireless Management System. NETGEAR released a firmware update addressing a 
vulnerability in its WMS5316 ProSafe 16AP Wireless Management System running 
version 2.1.4.15 (Build 1236) in which an attacker could gain unauthorized access and 
privilege escalation by including a specific symbol in the password value for the 
system’s login. 

Source: http://www.securityweek.com/netgear-patches-vulnerabilitv-wireless- 
management-system 

18. September 8, Securityweek - (International) Researcher discloses zero-day flaws in 
Advantech WebAccess. A security researcher discovered seven zero-day stack-based 
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buffer overflow vulnerabilities affecting Advantech’s WebAccess software versions 8.0 
and earlier used in human-machine interfaces (HMI) and supervisory control and data 
acquisition (SCAD A) systems which an attacker could exploit for remote code 
execution. 

Source: http://www.securitvweek.com/researcher-discloses-zero-day-flaws-advantech- 
webaccess 



19. September 8, SC Magazine - (International) Verified Play Store apps found to be 
spreading MKero malware. Security researchers from Bitdefender discovered 
malware dubbed MKero present in at least seven Google Play Store apps that uses a 
CAPTCHA translation service that evades detection to automatically sign users up for a 
premium short message service (SMS). 

Source: http://www.scmagazine.com/bitdefender-details-new-android- 
malware/article/4373 84/ 



Internet Alert Dashboard 



To report cyber infrastructure incidents or to request information, please contact US-CERT at soc@us-cert.gov or 
visit their Web site: http://www.us-cert.gov 

Information on IT information sharing and analysis can be found at the IT ISAC (Information Sharing and 
Analysis Center) Web site: http://www.it-isac.org 



Communications Sector 

Nothing to report 

Commercial Facilities Sector 

20. September 9, WSAZ 3 Huntington - (Kentucky) Displaced tenants and business 
owners dealing with aftermath of massive Paintsville fire. Several businesses and 
apartment units from a complex were destroyed in Paintsville, Kentucky, September 7 
due to a massive fire that started at Sparetime Bowling and spread to surrounding areas, 
displacing eight families. The cause of the fire remains unknown. 

Source: http://www.wsaz.com/home/headlines/Large-Fire-Reported-at-Bowling-Allev- 
in-Paints ville-Ky-325 5 18521 .html 



21. September 8, SC Magazine - (North Carolina) About 2,500 customer credit cards 
affected in Mohu website breach. Approximately 2,500 customers were notified by 
North Carolina-based consumer electronics company Mohu that their credit card 
information, names, addresses, phone numbers, and other personal data was 
compromised during a July attack on the company’s official Web site. Mohu 
implemented additional security measures after an attacker allegedly penetrated 
Mohu’s security systems, inserted malicious code, and removed personal information. 
Source: http://www.scmagazine.com/about-2500-customer-credit-cards-affected-in- 
mohu-website-breach/article/437357/ 
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Dams Sector 



22. September 8, Twins Falls Times-News - (Idaho) Park at Twin Falls Power Plant 
closes for Dam upgrade. Officials from the Twins Falls Power Plant in Snake River 
Canyon reported the closure of its park September 8 while Idaho Power begins 
construction on the dam and boat launch area to enhance safety measures including 
replacement of aging wooden flashboards with concrete extensions. The plant will 
remain closed until the end of the year. 

Source: http://magicvallev.com/lifestyles/recreation/park-at-twin-falls-power-plant- 
closes-for-dam-upgrade/article 7b58b20a-4b01-500c-b66a-4ecf85df3991.html 

23. September 8, KPHO 5 Phoenix/KTVK 3 Phoenix - (Arizona) Massive slab of unstable 
rock disrupting river activities near Glen Canyon Dam. An estimated 500,000 
pound rock slab that is beginning to slide from the canyon wall and into the river raft 
near the Glen Canyon Dam in Arizona prompted officials from the Bureau of 
Reclamation’s Upper Colorado Region to temporarily close access to the river raft 
launch near the dam September 8 while crews install bolts into the rock to secure the 
slab. 

Source: http://www.kpho.com/story/29984679/massive-slab-of-unstable-rock- 
disrupting-river-activities-near-glen-canyon-dam 

For additional stories, see items 16 and 18 
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Department of Homeland Security (DHS) 

DHS Daily Open Source Infrastructure Report Contact Information 

About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday 
through Friday] summary of open-source published information concerning significant critical 
infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for 10 days on 
the Department of Homeland Security Web site: http://www.dhs.gov/lPDailyReport 

Contact Information 

Content and Suggestions: Send mail to cikr.productfeedback@hq.dhs.gov or contact the DHS 

Daily Report Team at (703) 942-8590 

Subscribe to the Distribution List: Visit the DHS Daily Open Source Infrastructure Report and follow 

instructions to Get e-mail updates when this information changes . 

Removal from Distribution List: Send mail to support @ govdelivery.com . 



Contact DHS 

To report physical infrastructure incidents or to request information, please contact the National Infrastructure 
Coordinating Center at nicc@hq.dhs.gov or (202) 282-9201. 

To report cyber infrastructure incidents or to request information, please contact US-CERT at soc@us-cert.gov or visit 
their Web page at www.us-cert. gov . 

Department of Homeland Security Disclaimer 

The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to educate and inform 
personnel engaged in infrastructure protection. Further reproduction or redistribution is subject to original copyright 
restrictions. DHS provides no warranty of ownership of the copyright, or accuracy with respect to the original source 
material. 
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